Victim Loses $282M in Bitcoin and Litecoin to Hardware Wallet Scam

A crypto holder lost over $282 million in Bitcoin and Litecoin on January 10 in what blockchain investigator ZachXBT described as a hardware wallet social engineering scam, marking the largest individual crypto theft of 2026 so far.

It in infact surpassed the previous notable social engineering hack record of $243 million set in August 2024.

The latest attacker immediately began converting the stolen assets into Monero through multiple instant exchanges, causing XMR’s price to spike sharply.

Bitcoin was also bridged to Ethereum, Ripple, and Litecoin via Thorchain as the perpetrator worked to obscure the funds’ trail across multiple blockchain networks.

Record-Breaking Theft Exceeds Previous Social Engineering Attack

The incident eclipses the August 2024 case involving Genesis creditor theft, where threat actors Greavys, Wiz, and Box stole $243 million through an elaborate social engineering operation.

That attack involved spoofed calls from Google and Gemini support representatives who convinced the victim to reset two-factor authentication and share screen access via AnyDesk, ultimately exposing private keys from Bitcoin Core.

ZachXBT’s investigation into the August case led to multiple arrests and the freezing of millions in assets.

Box and Greavys were arrested in Miami and Los Angeles, while Wiz was later apprehended by US Marshals.

Twelve people were eventually charged in connection with the $243 million theft, with a superseding indictment confirming the arrest of Danny Zulfiqar Khan in Dubai.

The scale of the latest $282 million loss demonstrates how social engineering tactics continue to evolve and exploit victims despite increased awareness and security measures across the crypto industry.

Persistent Threats Target Crypto Users Across Multiple Vectors

Social engineering attacks have become the dominant threat vector in crypto theft, with scammers increasingly impersonating customer support representatives from major platforms.

Brooklyn resident Ronald Spektor was also recently charged with allegedly stealing $16 million from roughly 100 Coinbase users by posing as company employees and using panic tactics to force quick decisions.

The infamous North Korean hacker has also resurfaced with new social engineering tactics.

“They message everyone with prior conversation history,” MetaMask security researcher Taylor Monahan explained, referring to North Korean hackers using fake Zoom tactics.

“DPRK threat actors are still rekting way too many of you via their fake Zoom / fake Teams meets.“

North Korean cybercriminals have stolen over $300 million using fake video conferencing tactics that install malware to exfiltrate passwords and private keys.

Attackers guide victims to Zoom links that point to recorded videos of known contacts, then send malicious “patch” files disguised as software updates that deploy Remote Access Trojans.

Despite an overall 60% decline in December exploit losses to $76 million, according to PeckShield, address poisoning scams and private key leaks remain significant threats.

One December victim lost $50 million after mistakenly copying a fraudulent address that visually mimicked their intended destination, while another breach involving a multi-signature wallet key leak resulted in $27.3 million in losses.

Industry data shows crypto theft reached $3.4 billion between January and early December 2025, with Americans losing a record $9.3 billion to crypto-related crimes in 2024.

Investment fraud accounted for $5.7 billion in losses, with victims over 60 reporting the highest individual losses at $2.8 billion.

Security experts keep emphasizing that technical solutions alone cannot prevent social engineering attacks.

“Assume every unsolicited message is a potential attack,” said Navin Gupta, CEO of blockchain analytics platform Crystal, in an interview with Cryptonews. “That mental shift alone filters out 80% of threat vectors.“

Experts recommend verifying every character of destination addresses before sending funds, avoiding SMS-based two-factor authentication in favor of hardware security keys, and never responding to unsolicited messages claiming account compromises.

The irreversibility of crypto transactions means victims typically cannot recover stolen funds once attackers gain access to private keys or trick users into authorizing transfers.

Read original story Victim Loses $282M in Bitcoin and Litecoin to Hardware Wallet Scam by Anas Hassan at Cryptonews.com